APT37, also known as Reaper or Group123, is an advanced persistent threat group believed to be based in North Korea. One of the tools that APT37 has been associated with is the Goldbackdoor, also known as RokRAT. Goldbackdoor is a type of remote access trojan (RAT) that is used to gain unauthorized access to a targeted computer system. Once installed, the RAT allows the attacker to control the system, steal data, and execute commands remotely.
The Goldbackdoor RAT is highly sophisticated and uses a number of advanced techniques to avoid detection, including anti-analysis and anti-debugging techniques. APT37 has been linked to a number of high-profile attacks using Goldbackdoor, including attacks against South Korean targets. The group has also been linked to attacks against targets in Japan, Vietnam, and the Middle East. The APT37 group is known for its advanced cyber capabilities and its ability to carry out sophisticated attacks with a high degree of stealth and persistence. As such, the group represents a significant threat to global cybersecurity and is closely monitored by law enforcement and intelligence agencies around the world.
Their recent campaign involves the use of malicious files in the form of .zip and .link files named “Key Data 2023 Quarterly Cambodia Poll Appendix/.zip and Quarterly Cambodia Poll Appendix.pdf.lnk, lnk contains double base64 encoded.